I have mythtv installed at home, and currently use a partition on a separate drive to store my recorded shows (/dev/hda1, mapped as /data1). I recently installed mythweb, which seems to be working fine except for one minor issue - whenever I try to list the recorded programs via the mythweb interface, php errors pop up with permission issues, and the following appears in my kernel log:
kernel: audit(1107226430.548:0): avc: denied { search } for pid=29290 exe=/usr/sbin/httpd name=/ dev=hda1 ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t tclass=dir
kernel: audit(1107226430.549:0): avc: denied { getattr } for pid=29290 exe=/usr/sbin/httpd path=/data1 dev=hda1 ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t tclass=dir
kernel: audit(1107226430.549:0): avc: denied { getattr } for pid=29290 exe=/usr/sbin/httpd path=/data1 dev=hda1 ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t tclass=dir
which makes sense, I suppose - httpd shouldn't be touching stuff in /data1 - but I'd like to allow httpd to see these files. As far as my limited understanding goes (I'm still trying to grok selinux), is the best way to do this to add an entry in /etc/selinux/targeted/contexts/files/file_contexts, then fire up restorecon?
Thanks for any help, Tim
On Mon, Jan 31, 2005 at 07:21:01PM -0800, Tim Fenn wrote:
> I have mythtv installed at home, and currently use a partition on a separate drive to store my recorded shows (/dev/hda1, mapped as /data1). I recently installed mythweb, which seems to be working fine except for one minor issue - whenever I try to list the recorded programs via the mythweb interface, php errors pop up with permission issues, and the following appears in my kernel log:
Never mind - solved my issue:
/data1(/.*)? system_u:object_r:httpd_user_content_t
in file_contexts did the trick. It's also recently been discussed on mythtv-users:
http://www.gossamer-threads.com/lists/mythtv/users/107361
Regards, Tim
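Added example, not part of either message: a small Python parser that reads the AVC denials quoted above, groups the denied permissions by source type, target type and object class, and checks which paths the `/data1(/.*)?` pattern from the reply covers. The function names and the sample paths are constructed for illustration, and Python's `re` with a full match stands in for the anchored matching that file_contexts entries get.

```python
import re
from collections import defaultdict

# Denials copied from the kernel log quoted in the first message.
AVC_LOG = """\
kernel: audit(1107226430.548:0): avc: denied { search } for pid=29290 exe=/usr/sbin/httpd name=/ dev=hda1 ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t tclass=dir
kernel: audit(1107226430.549:0): avc: denied { getattr } for pid=29290 exe=/usr/sbin/httpd path=/data1 dev=hda1 ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t tclass=dir
kernel: audit(1107226430.549:0): avc: denied { getattr } for pid=29290 exe=/usr/sbin/httpd path=/data1 dev=hda1 ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t tclass=dir
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

# Path pattern from the file_contexts entry in the reply.
FIX_REGEX = r"/data1(/.*)?"


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def summarize_denials(log_text):
    """Map (source type, target type, class) to the set of denied permissions."""
    summary = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial line
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        summary[key].update(m["perms"].split())
    return dict(summary)


def entry_covers(path_regex, path):
    """file_contexts path regexes are anchored at both ends, so match the whole path."""
    return re.fullmatch(path_regex, path) is not None


if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize_denials(AVC_LOG).items():
        print(f"{src} denied {sorted(perms)} on {tgt}:{cls}")
    # Constructed sample paths: the mount point, a file below it, a sibling directory.
    for p in ("/data1", "/data1/recordings/show.nuv", "/data10"):
        print(p, "covered" if entry_covers(FIX_REGEX, p) else "not covered")
```

The summary shows the mismatch behind the errors: the mount point carries the fallback `default_t` type, which `httpd_t` is not allowed to search or stat, and the pattern relabels `/data1` and everything under it without touching a sibling such as `/data10`.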